Sample viewer

vx.netlux.org/Virus.DOS.Vnu.539

Syscalls:

Time  Syscall Op  PC | Syscall Name
2018-12-17T22:32:36.023736415Z 78 PC: 194ec | Find first file
2018-12-17T22:32:36.039299007Z 61 PC: 19510 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:32:36.045468977Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:36.053835305Z 66 PC: 19540 | Move file pointer
2018-12-17T22:32:36.058388385Z 66 PC: 19561 | Move file pointer
2018-12-17T22:32:36.059999479Z 64 PC: 1956c | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:32:36.062821439Z 66 PC: 19575 | Move file pointer
2018-12-17T22:32:36.066970099Z 64 PC: 19580 | Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:32:36.069914166Z 64 PC: 195a8 | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:32:36.085215896Z 62 PC: 195ac | Close file
2018-12-17T22:32:36.094131595Z 79 PC: 194ec | Find next file
2018-12-17T22:32:36.100125131Z 61 PC: 19510 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:32:36.111620039Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:36.118359039Z 66 PC: 19540 | Move file pointer
2018-12-17T22:32:36.119857011Z 62 PC: 195ac | Close file
2018-12-17T22:32:36.121606032Z 79 PC: 194ec | Find next file
2018-12-17T22:32:36.125065498Z 61 PC: 19510 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:32:36.131350953Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:36.13779021Z 66 PC: 19540 | Move file pointer
2018-12-17T22:32:36.139513009Z 62 PC: 195ac | Close file
2018-12-17T22:32:36.141627236Z 79 PC: 194ec | Find next file
2018-12-17T22:32:36.143492154Z 61 PC: 19510 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:32:36.149134493Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:36.154229688Z 66 PC: 19540 | Move file pointer
2018-12-17T22:32:36.15540519Z 62 PC: 195ac | Close file
2018-12-17T22:32:36.156997958Z 79 PC: 194ec | Find next file
2018-12-17T22:32:36.15942574Z 61 PC: 19510 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:32:36.16346398Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:36.168119776Z 66 PC: 19540 | Move file pointer
2018-12-17T22:32:36.169271685Z 62 PC: 195ac | Close file
2018-12-17T22:32:36.170555479Z 79 PC: 194ec | Find next file
2018-12-17T22:32:36.173523429Z 61 PC: 19510 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:32:36.180631286Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:36.185604336Z 66 PC: 19540 | Move file pointer
2018-12-17T22:32:36.186739994Z 66 PC: 19561 | Move file pointer
2018-12-17T22:32:36.188667065Z 64 PC: 1956c | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:32:36.190375908Z 66 PC: 19575 | Move file pointer
2018-12-17T22:32:36.191639525Z 64 PC: 19580 | Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:32:36.19692936Z 64 PC: 195a8 | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:32:36.2019725Z 62 PC: 195ac | Close file
2018-12-17T22:32:36.20721411Z 79 PC: 194ec | Find next file
2018-12-17T22:32:36.219925482Z 61 PC: 19510 | Open file (Filename = 'PAH.COM')
2018-12-17T22:32:36.226067045Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:36.233826959Z 66 PC: 19540 | Move file pointer
2018-12-17T22:32:36.235355025Z 62 PC: 195ac | Close file
2018-12-17T22:32:36.237427965Z 79 PC: 194ec | Find next file
2018-12-17T22:32:36.240070134Z 61 PC: 19510 | Open file (Filename = 'TEST.COM')
2018-12-17T22:32:36.246576031Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:36.249087624Z 62 PC: 195ac | Close file
2018-12-17T22:32:36.250812571Z 79 PC: 194ec | Find next file
2018-12-17T22:32:36.253656279Z 44 PC: 195c0 | Get time
    0x195c0: cmp ch, 9
    0x195c3: je 0x195ca
    0x195c5: mov ax, 0x100
    0x195c8: jmp ax
    0x195ca: mov ah, 0x3c
    0x195cc: mov cx, 0x20
    0x195cf: lea dx, word ptr [bp + 0x303]
    0x195d3: int 0x21
    0x195d5: jb 0x195da
    0x195d7: jmp 0x195e4
    0x195d9: nop
    0x195da: mov al, byte ptr [0x303]
    0x195dd: inc al
    0x195df: mov byte ptr [0x303], al
    0x195e2: jmp 0x195ca
    0x195e4: xchg ax, bx
    0x195e5: mov ah, 0x40
    0x195e7: lea dx, word ptr [bp + 0x19d]
    0x195eb: mov cx, 0x2d
    0x195ee: int 0x21
2018-12-17T22:32:36.255930018Z 61 PC: 18f72 | Open file (Filename = 'A:\GMOUSE.INI')
2018-12-17T22:32:36.262143653Z 9 PC: 16f73 | Display string (String= ' ��������������������������������������������������ͻ � Genius Mouse Driver (version 10.20) � � Copyright 1988-1993 KYE Systems Corp. � ��������������������������������������������������ͼ ')
2018-12-17T22:32:36.277822173Z 37 PC: 17167 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:32:36.279113568Z 37 PC: 17186 | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:32:36.284839408Z 53 PC: 16e6a | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:32:36.28670669Z 37 PC: 16e7e | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:32:36.28781476Z 9 PC: 173f2 | Display string (String= 'Personal System II Mouse driver installed. ')
2018-12-17T22:32:36.294168429Z 49 PC: 17219 | Terminate and stay resident (Return code = '0' | Memory size = '1103')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5822,"SideJobID":0}

Syscalls:

Time  Syscall Op  PC | Syscall Name
2018-12-25T11:55:30.338143948Z 78 PC: 194ec | Find first file
2018-12-25T11:55:30.346375724Z 61 PC: 19510 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:30.354167039Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:55:30.361696422Z 66 PC: 19540 | Move file pointer
2018-12-25T11:55:30.36474567Z 66 PC: 19561 | Move file pointer
2018-12-25T11:55:30.367149848Z 64 PC: 1956c | Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:55:30.371665147Z 66 PC: 19575 | Move file pointer
2018-12-25T11:55:30.374339481Z 64 PC: 19580 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:55:30.378167262Z 64 PC: 195a8 | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:55:30.393872727Z 62 PC: 195ac | Close file
2018-12-25T11:55:30.401194507Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.404822917Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.412471861Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.419966985Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.422294223Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.42440703Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.427712028Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.435781618Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.443186641Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.444659311Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.44654936Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.448515036Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.453194913Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.457961508Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.459384181Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.461138024Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.464838628Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.471879995Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.479244511Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.481137796Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.483148015Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.485968159Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.49517761Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.502409305Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.503976747Z 66 PC: 19561 | Move file pointer (See above)
2018-12-25T11:55:30.505352155Z 64 PC: 1956c | Write file or device (See above)
2018-12-25T11:55:30.508992473Z 66 PC: 19575 | Move file pointer (See above)
2018-12-25T11:55:30.510920439Z 64 PC: 19580 | Write file or device (See above)
2018-12-25T11:55:30.521016751Z 64 PC: 195a8 | Write file or device (See above)
2018-12-25T11:55:30.531290231Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.544540303Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.547706883Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.556958067Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.564623538Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.566628119Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.570024395Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.573700663Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.58123652Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.586359921Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.588959036Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.59212307Z 44 PC: 195c0 | Get time
    0x195c0: cmp ch, 9
    0x195c3: je 0x195ca
    0x195c5: mov ax, 0x100
    0x195c8: jmp ax
    0x195ca: mov ah, 0x3c
    0x195cc: mov cx, 0x20
    0x195cf: lea dx, word ptr [bp + 0x303]
    0x195d3: int 0x21
    0x195d5: jb 0x195da
    0x195d7: jmp 0x195e4
    0x195d9: nop
    0x195da: mov al, byte ptr [0x303]
    0x195dd: inc al
    0x195df: mov byte ptr [0x303], al
    0x195e2: jmp 0x195ca
    0x195e4: xchg ax, bx
    0x195e5: mov ah, 0x40
    0x195e7: lea dx, word ptr [bp + 0x19d]
    0x195eb: mov cx, 0x2d
    0x195ee: int 0x21
2018-12-25T11:55:30.595348921Z 61 PC: 18f72 | Open file (Filename = 'A:\GMOUSE.INI')
2018-12-25T11:55:30.603928603Z 9 PC: 16f73 | Display string (String= ' ��������������������������������������������������ͻ � Genius Mouse Driver (version 10.20) � � Copyright 1988-1993 KYE Systems Corp. � ��������������������������������������������������ͼ ')
2018-12-25T11:55:30.619654195Z 37 PC: 17167 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:55:30.622130207Z 37 PC: 17186 | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T11:55:30.630860776Z 53 PC: 16e6a | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:55:30.632764428Z 37 PC: 16e7e | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:55:30.634695413Z 9 PC: 173f2 | Display string (String= 'Personal System II Mouse driver installed. ')
2018-12-25T11:55:30.643688747Z 49 PC: 17219 | Terminate and stay resident (Return code = '0' | Memory size = '1103')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5822,"SideJobID":0}

Syscalls:

Time  Syscall Op  PC | Syscall Name
2018-12-25T11:55:30.463380403Z 78 PC: 194ec | Find first file
2018-12-25T11:55:30.472924776Z 61 PC: 19510 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:30.479780432Z 63 PC: 19528 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:55:30.48614858Z 66 PC: 19540 | Move file pointer
2018-12-25T11:55:30.488091563Z 66 PC: 19561 | Move file pointer
2018-12-25T11:55:30.489444957Z 64 PC: 1956c | Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:55:30.49200575Z 66 PC: 19575 | Move file pointer
2018-12-25T11:55:30.493640169Z 64 PC: 19580 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:55:30.503940202Z 64 PC: 195a8 | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:55:30.517539943Z 62 PC: 195ac | Close file
2018-12-25T11:55:30.527730588Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.530696108Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.537195025Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.544243571Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.545549938Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.547492657Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.557494357Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.56456945Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.570716317Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.572687375Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.574362169Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.577774138Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.585664637Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.591842996Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.593102764Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.596258234Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.599171253Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.605686756Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.612056209Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.614449589Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.616268222Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.619376215Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.625953225Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.632220114Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.633695982Z 66 PC: 19561 | Move file pointer (See above)
2018-12-25T11:55:30.635339374Z 64 PC: 1956c | Write file or device (See above)
2018-12-25T11:55:30.638009526Z 66 PC: 19575 | Move file pointer (See above)
2018-12-25T11:55:30.639928986Z 64 PC: 19580 | Write file or device (See above)
2018-12-25T11:55:30.652582909Z 64 PC: 195a8 | Write file or device (See above)
2018-12-25T11:55:30.660816949Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.668980539Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.672331713Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.678905114Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.685375209Z 66 PC: 19540 | Move file pointer (See above)
2018-12-25T11:55:30.688816326Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.690892938Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.693501363Z 61 PC: 19510 | Open file (See above)
2018-12-25T11:55:30.700325737Z 63 PC: 19528 | Read file or device (See above)
2018-12-25T11:55:30.703008482Z 62 PC: 195ac | Close file (See above)
2018-12-25T11:55:30.705063195Z 79 PC: 194ec | Find next file (See above)
2018-12-25T11:55:30.708830722Z 44 PC: 195c0 | Get time
    0x195c0: cmp ch, 9
    0x195c3: je 0x195ca
    0x195c5: mov ax, 0x100
    0x195c8: jmp ax
    0x195ca: mov ah, 0x3c
    0x195cc: mov cx, 0x20
    0x195cf: lea dx, word ptr [bp + 0x303]
    0x195d3: int 0x21
    0x195d5: jb 0x195da
    0x195d7: jmp 0x195e4
    0x195d9: nop
    0x195da: mov al, byte ptr [0x303]
    0x195dd: inc al
    0x195df: mov byte ptr [0x303], al
    0x195e2: jmp 0x195ca
    0x195e4: xchg ax, bx
    0x195e5: mov ah, 0x40
    0x195e7: lea dx, word ptr [bp + 0x19d]
    0x195eb: mov cx, 0x2d
    0x195ee: int 0x21
2018-12-25T11:55:30.710875371Z 60 PC: 195d5 | Create or truncate file
2018-12-25T11:55:31.040834372Z 64 PC: 195f0 | Write file or device (Write 45 bytes on handle 5)
2018-12-25T11:55:31.049331357Z 61 PC: 195f4 | Open file (Filename = 'Dedicated to the memory of Kurt Donald Cobain��')
2018-12-25T11:55:31.056348905Z 61 PC: 18f72 | Open file (Filename = 'A:\GMOUSE.INI')
2018-12-25T11:55:31.062900456Z 9 PC: 16f73 | Display string (String= ' ��������������������������������������������������ͻ � Genius Mouse Driver (version 10.20) � � Copyright 1988-1993 KYE Systems Corp. � ��������������������������������������������������ͼ ')
2018-12-25T11:55:31.078632913Z 37 PC: 17167 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:55:31.080435837Z 37 PC: 17186 | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T11:55:31.086083444Z 53 PC: 16e6a | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:55:31.087822216Z 37 PC: 16e7e | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:55:31.088867383Z 9 PC: 173f2 | Display string (String= 'Personal System II Mouse driver installed. ')
2018-12-25T11:55:31.093155806Z 49 PC: 17219 | Terminate and stay resident (Return code = '0' | Memory size = '1103')